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(54) Optical disk, optical recorder, optical reproducer, cryptocommunication system and 
program license system 

(57) The operating and other procedures of an opti- 
cal disk application system of the type for which a net- 
work is used are simplified. Optical disks have auxiliary 
data recording areas, where different IDs for individual 
disks, and/or cipher keys and/or decoding keys for 
ciphers are recorded in advance in a factory. By using 
tiie IDs to release the soft ciphers, using the cipher keys 
when sending the ciphers, and using the decoding keys 
when receiving the ciphers, user authorization proce- 
dures are simplified. 
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BRIEF DESCRIPTION OF THE DRAWINGS 



[0001] The present invention relates to an optical 
disk, an optical disk s^tem and a cryptoconnniunication 
method. 

BACKGROUND 



[0006] 
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[0002] In recent years, with the increased use of 
networks such as the Internet and optical CD ROM 
disks, network soft key distribution for optica) ROM disks 
has increased. Also, electronic commercial transactions 
have increased. is 
[0003] Soft key electronic distribution systems for 
CD-ROM media have been used. In conventional sys- 
tems, it is known to give passwords and decipher the 
enciphered soft ciphers recorded on the CD-ROMs in 
advance. When CD-ROMs are used, however, it is not so 
possible additionally to record on the disks, so that it is 
not possible to individually set IDs for respective disks. 
Therefore, one password would release the ciphers of 
all the disks manufactured from the same original disk. 
For this reason, when CD-ROMs are used, it is neces- 2S 
sary to install the disks' IDs on the hard disks of per- 
sonal computers, or mail to users IDs prepared 
centrally. 

[0004] In electronic distribution systems with con- 
ventional optical cfisks and/or optical disk systenrs, 30 
there is a need to provide the disks and/or systems with 
IDs and/or cipher keys. It is an object of the present 
invention to simply provide IDs and cipher keys for ROM 
disks in electronic distribution systems. 

ss 

SUMMARY OF THE INVENTION 

[0005] To achieve the objects of the present inven- 
tion, the pit portions of optical disks are provided with an 
additional recording area or Burst Cutting Area (herein- 40 
after atsbreviated as BCA) overwritten with a bar code 
and. when the disks are manufactured. IDs differing for 
each disk and. according to the need, cipher keys for 
communication and decoding keys for decoding key 
cipher texts for communication, are recorded individu- 45 
ally In the BCA areas. As a result, when the disks have 
been distributed to users, the user ID numbers, the 
cipher keys for transmission for communication, and the 
decoding keys for reception are distributed automati- 
cally to the users. It is therefore possible to omit some of so 
the procedures that complicate conventional systems. 
Also, cryptocommunication and the identification of 
disks are made possible at the same time. 
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. Rg. 1 is a flow chart of an optical disk according to 
an embodiment of the present invention. 
Rgs; 2a-c are cross sections and results of trim- 
ming with a pulse laser according to an emk>odi- 
ment of the invention. 

Rgs. 3a-g show the signal reproduction waveforms 
at a trimming portion according to an embodiment 
of the invention. 

Rg. 4 is a block diagram of a reproducer according 
to an embodiment of the invention. 
Rg. 5a shows the waveform of a reproduced signal 
at a BCA part according to the invention. Fig. 5b 
shows dimensional relationships of a BCA part 
according to the invention. 
Rg. 6 shows a method of cryptocommunication and 
a cipher key method by means of a password 
according to an embodiment of the present inven- 
tion. 

Rgs. 7a-c show the format of a BCA according to 
the invention. 

Rg. 8 shows a method of cryptocommunication and 
a method of unlocking a cipher with a password 
according to an emt>odiment of the invention. 
Rg. 9 shows a procedure for operation of a disk, the 
content part of which may have been licensed, 
according to an embodiment of the invention. 
Rg. 10 is a block diagram of an example wherein a 
BCA has been recorded in a RAM disk according to 
an embodiment of the present invention. 
Rg. 11 is a block diagram of a method or system for 
prevention of unauthorized copying according to an 
embodiment of the invention. 
Rg. 12 is a flow chart depicting preventing unau- 
thorized copying according to an embodiment of 
the invention. 

Rg. 13a is a plan view and Fig. 13b is a cross sec- 
tion of an optical disk, on the BCA of which an arti- 
cle or commodity bar code has been printed, 
according to an embodiment of the invention. Rg. 
13c shows a method of producing an optical disk 
according to an embodiment of the invention. 
Rg. 14 is a block diagram of a POS settlement sys- 
tem with a ROM disk having a BCA and a POS ter- 
minal according to an embodiment of the invention. 
Rg. 15 is a flow chart of cipher release in and 
between a press company, a software company 
and a selling store, according to an embodiment of 
the present invention. 

Rgs. 16 and 17 are flow charts (Parts 1 and 2. 
respectively) of steps of enciphering and decoding 
cipher data with a disk ID and/or the like according 
to an embodiment of the invention. 
.Rgs. 18, 19 and 20 are flow charts (Parts 1. 2 and 
3, respectively) of communicatiori cipher key distri- 
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bution and cryptocommunication with a BCA 
according to an embodiment of the invention. 
Figs. 21, 22 and 23 are flow charts (Parts 1. 2 and 
3. respectively) of an electronic settlement system 
with a BCA according to an embodiment of the s 
present invention. 

Fig. 24 is a block diagram of a method of recording 
and reproducing for recording limitation to one RAM 
disk with a BCA according to an embodiment of the 
invention. 

[0007] At the end of this specif ication is appended a 
list identifying items corresponding to the reference 
numerals used in the aforementioned drawings, that list- 
ing being in consecutive numerical order of the refer- is 
ence numerals. 

DETAILED DESCRIPTION OF THE INVENTION 

[0008] The present invention will be described on 20 
the basis a number of embodiments. Herein, an addi- 
tional recording area using the BCA system is referred 
to as a 'BCA area*, and data recorded in a BCA is 
referred to as 'BCA data'. In addition, first identification 
data is referred to as *ID' or 'disk ID'. 2s 
[0009] Fig. 1 shows a typical process for producing 
a disk with a BCA. The first cipher key 802, such as a 
public key, is used by a cipher encoder or scrambler 803 
to encipher contents 777 into the first cipher 805. An 8- 
16 modulator 917, such as a mastering unit, modulates 30 
the first cipher 805. A laser records the nrKxJulated sig- 
nal as pits in the first recoixJing area 919 of an original 
disk 800. A molding machine 808a uses the original 
disk 800 to mold disk-like transparent substrates (not 
shown). A reflecting film making machine 808b forms 35 
reflecting Al films, and makes single-sided disks 809a 
and 809b which are each 0.6 millimeter thick. A borKling 
machine 808c laminates these disks together to make a 
completed disk 809. A trimming unit 807 modulates the 
disk ID 921, the first cipher decoding key 922. or the 40 
second cipher key 923 for Internet communication in the 
second recording area 920 of the completed disk 809. 
with a Phase Encoding-Return to Zero (PE-RZ) modu- 
lator 807a. which combines PE modulation and RZ 
modulation. A pulse laser 807b effects BCA trimming to 4S 
make a disk 801 with a BCA. Because laminated disks 
are used, it is not possible to alter the BCA inside, and 
thus the completed disk can be used for security. 
[001 0] A BCA will next be explained briefly 
[0011] As shown in Rg. 2a, a pulse laser 808 trims so 
the reflecting aluminum films 809 of the two-layer disk 
800 in a BCA to record a stripe-like low reflection part 
810 on the basis of a PE modulating signal. As shown in 
Fig. 2b, BCA stripes are formed on the disk, if the 
stripes are reproduced by a conventional optical head, ss 
the BCA has no reflecting signal. Therefore, as shown in 
Fig. 2c, gaps 810a. 810b and 810c are produced, where 
the modulating signal is missing. The modulating signal 



is sliced at the first slice level 915. But, the gaps 810a-c 
have a low signal level, and can therefore be sliced eas- 
ily at the second slice level 916. As shown with the 
recorded and reproduced waveforms in Rg. 3, it is pos- 
sible to reproduce the formed bar codes 923a and 923b 
by level-slicing them at the second slice level 916 by a 
conventional optical pickup as shown in Fig. 3e. As 
shown in Fig. 3f. the waveforms of the codes are shaped 
by a LPF filter so as to PE-RZ decode the codes. As 
shown in Rg. 3g. a digital signal is output. 
[0012] With reference to Fig. 4, the decoding oper- 
ation will be explained. A disk 801 with a BCA includes 
two transparent substrates, which are laminated with a 
recording layer 801a between them. The recording layer 
may either be a single layer 801a or include two record- 
ing layers 800a and 800b. If there are two layers, a BCA 
flag 922 is recorded in the control data of the first 
recording layer 800a. which is adjacent to the optical 
head 6. The flag 922 indicates whether a BCA Is 
recorded or not Because a BCA is recorded in the sec- 
ond layer 800b. the first recording layer 800a is focused 
on first, and the optical head 6 is moved to the radial 
position of the control data 924 in the innermost edge of 
the second recording area 919. The control data is main 
data, and has therefore been Eight to Fourteen Modula- 
tion (EFM), 8-15 or 8-16 modulated. Only when the BCA 
flag 922 in the control data is '1*. a single/double layer 
switching part 827 focuses on the second recording 
layer 801b to reproduce the BCA. If the signal is sliced 
by a level slicer 590 at the general first slice level 915 as 
shown in Fig. 2c, it is converted into a digital signal. This 
signal is demodulated in the first demodulation part by 
an EFM demodulator 925. an 8-15 modulator-demodu- 
lator 926 or an 8-16 modulator-demodulator 927. An 
ECC decoder 36 corrects errors, if any, and outputs 
main data. The control data in the main data is repro- 
duced and only if the BCA flag 922 is 1 is the BCA read. 
When the BCA flag 922 is 1. a CPU 923 orders the sin- 
gle/double layer switching part 827 to drive a focus 
adjustment part 828. switching the focus from the first 
recording layer 801a to the second recording layer 
801b. At the same time, the optical head 6 is moved to 
the radial position of the second recording area 920. 
that is. for the DVD standard, the BCA Is recorded 
between 22.3 and 23.5 mm from the inner edge of the 
control data. Then the BCA is read. Reproduced in the 
BCA area is a signal with a partially missing envelope 
as shown in Rg. 2c. By setting in the second level slicer 
929 the second slice level 916 of which the quantity of 
light is smaller than that of the first slice level 915. it is 
possible to detect the missing parts of the reflecting por- 
tion of the BCA. and a digital signal is output. This signal 
is PE-RZ demodulated by the second denrxxJulatron 
part 930. and ECC decoded by an ECC decoder 930b 
so as to output BCA data, which is auxiliary data. Thus, 
the first demodulator 928, operative according to, 8-16 
modulation demodulates and reproduces the main data, 
while the second demodulation part 930 operative 
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according to PE-RZ modulation demodulates and 
reproduces the auxiliary data, that is, the BCA data. 
[0013] Rg. 5a shows the reproduced wavefbrrh 
before passage through a filter 943. Fig. 5b shows the 
working size accuracy (precision) of the slits of the low s 
reflecting portion 810. It is difficult to make the slit width 
less than 5mm. In addition, if the data is not recorded 
inward radially from 23.5 mm, it will not be properly 
reproduced. Therefore, for a DVD. because of the limita- 
tions of the shortest recording cycle of 30 mm and the io 
maximum radius of 23.5 mm, the maximum capacity 
after formatting Is limited to 188 bytes or less. 
[0014] The modulating signal Is recorded as pits by 
the 8-16 modulation mode, and a high frequency signal 
such as the high frequency signal part 933 In Rg. 5a is is 
obtained. However, the BCA signal is a low frequency 
signal like low frequency signal part 932. Thus, if the 
main data complies with the DVD standard, it is a high 
frequency signal 932 which is about 4.5 MHz or less, 
shown in Rg. 5a, and the auxiliary data is a low fre- 20 
quency signal 933 which Is 8.92 ms in period, that is. 
about 100 kHz. It is therefore relatively simple to fre- 
quency-separate the auxiliary data with a LPF 943. A 
frequency-separating method 934 as shown in Fig. 4, 
including the LPF 943 can easily separate the two sig- 2S 
nals. In this case, the LPF 943, may be sinple in struc- 
ture. 

[0015] The foregoing is an outline of the BCA. 
[0016] With reference to Fig. 6, the overall system 
of a cipher software unlatching system, narrowed down so 
to the operations of password issue, cryptocommunica- 
tion, and orderer certification, will be described. The 
steps in a press factory are nearly the same as in Rg. 1 , 
so the original disk 800 and the completed disk 809 are 
not shown. 3S 
[001 7] In a press fectory 81 1 , a cipher encoder 81 2 
enciphers the data in the plaintexts 810 of the first to the 
'1- m'th contents or scrambles the picture signals 
therein with the first to '1- mth cipher keys 813. respec- 
tively. The data or the signals are then recorded on an 40 
original optical disk 800. Disk-like substrates 809 are 
pressed from the original disk 800. After a reflecting film 
is formed on each substrate 809. the two disk-like sub- 
strates are laminated together. Thereafter a completed 
disk 809 is made. Recorded in the BCA areas 814 of 45 
completed disks 809 are different IDs 815 and/or first 
cipher keys 81 6 (public keys) and/or second cipher keys 
817 (putrfic keys) and second computer connection 
addresses 818 so as to make disks 801 each with a 
BCA. The disks 801 are distributed to users. so 
[0018] The contents of these disks have been enci- 
phered. Therefore, in order to reproduce the contents of 
each of the disks, it is necessary to get a password from 
a password issue center, an electronic shop or a mall, 
by paying a charge. That procedure will be described ss 
next 

[001 9] In a user's first computer 909, if a reproducer 
81 i9 reproduces a distrituited disk 801 with a BCA. a 



BCA reproduction part 820 including a PE-RZ demodu- 
lation part reproduces the data of the ID 815, first cipher 
key 816, second cipher key 817 and/or connection 
address 818. In order to get a password, the conniection 
address 818 of the second computer 821a. which is the 
server of a password issue center 821 , is accessed 
through a communication part 822 via the Internet or 
another network 823. and the ID is transmitted to the 
second computer 821a. 

[0020] Here, the cryptocommunication procedure 
will be described. The second computer 821a receives 
the ID 815 from the user's reproducer 819. Then, the 
second computer or server 821a of the password issue 
center 821, which is called a 'mail' or an 'electronic 
shop' has a cipher key database 824. This database 
contains a table of the secret keys which are the decod- 
ing keys corresponding to the disks* own IDs or the first 
cipher keys 816 of the IDs. that is the first decoding keys 
825 and the IDs. The server can therefore search for the 
first decoding key 825 based on the received ID. Thus 
cryptocommunication is completed from the first com- 
puter to the second computer 821a. In this case, if the 
first cipher key and first decoding key are common keys 
of a common key cipher, not of an pulslic key cipher, they 
are the same key. 

[0021] If the user wants to use part of the enci- 
phered contents stored on the disk 801 , which may be 
1 ,000 In number, for example, the content number 826 
of which is *n'. the user sends to the second computer 
821a the cipher which is the content numt^r 826, that 
is, Vi* enciphered with the public key which is the first 
cipher key 816 by the first cipher encoder 827 com- 
posed of public key cipher functions. The secorKi com- 
puter 821a searches for the first decoding key 825 for 
decoding this cipher as stated above. It is therefore pos- 
sible securely to convert this cipher into plaintext Thus, 
the cipher protects the privacy of the user's order data. 
[0022] In this case, a signature may be made by 
means of the secret key of the public key cipher as the 
f irst cipher key 816. This method is called 'digital signa- 
ture*. For a detailed explanation of the operation of 'dig- 
ital signature*, see, for example. 'Digital Signature of €- 
Mail Security by Bruce Schneider 1995*. 
[0023] Back to the cryptocommunication, the cipher 
is sent through the communication part 822 and net- 
work 823 to the first cipher decoder 827 of the password 
issue center 821. Thus the first cipher decoder 827 
decodes the cipher by means of the first pair cipher key 
825 pairing with the first cipher key 816. 
[0024] In this case, because only the one disk has 
the public key, it is possible to reject invalid orders from 
third parties' disks. In other words, because each disk 
can be certified, it is possible to certify the user who 
owns the disk. It Is thus certified that the content 
number *n* represents a particular individual's order. It is 
therefore possible to exclude invalid orders of third par- 
ties. 

[0025] If the public key 816 is secret, this method 
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can technically be used to send a credit card number, or 
other accounting data which requires high security. 
Generally shops called 'malls' however, do not settle 
users' accounting data electronically, because there is 
no guarantee of security. Only the accounting centers 
828 of credit card companies, banks and the like can 
deal with users' financial data. Presently, security stand- 
ards such as secure electronic tran^ction (SET) are 
being unified, so it is probable that Rivest, Shamir and 
Adieman (RSA) 1024 bit public key ciphers will be used 
and the enclpherment of financial data will be possible. 
[0026] Next, the accounting data cryptocommuni- 
cation procedure of the present invention will be shown. 
First by using the second cipher key 817 of the public 
key cipher reproduced by the BCA reproduction part 

820. the second cipher encoder 831 enciphers the 
accounting data 830 such as an individual's credit card 
number with a public key system cipher such as RSA. 
The enciphered data is sent from the communication 
part 822 through the second computer 821 to the cipher 
decoder 832 of the third computer 828. In this case, if 
there is a need for digital signature, the secret key 829 
is used as the second cipher key 81 7. 

[0027] Similar to the procedure for the cipher key of 
the second computer 821 a of the password issue center 

821, it is possible to search the cipher k^ database 
824a for the second decoding key 829 conresponding to 
the ID or the second cipher key 817. By using this 
decoding key 829. the second cipher decoder 832 can 
decode the enciphered accounting data. 

[0028] If a digital signature is made by the second 
cipher encoder 831 with the secret key 829, the user's 
signature can be confirmed in the second cipher 
decoder 832. The accounting center 828 can thus get 
the user's credit card number, bank card number, bank 
password, or other accounting data safely even via the 
Internet. In open networks such as the Internet, security 
comes into question. By means of this system, however, 
it is possible to make cryptocommunication or certifica- 
tion without fault because the cipher key (public key) for 
cryptocommunication or the secret key for digital signa- 
ture has been recorded in the BCA. It is therefore possi- 
ble to prevent third parties' unauthorized accounting 
and orders. In addition, because it is possible to use var- 
ious public keys for different disks, that is, different 
users, the confidentiality of communication is improved, 
and the possibiGty of users' accounting data leaking to 
third parties is reduced. 

[0029] Refen-ing back to Fig. 6, the procedure for 
issuing a password and the procedure for unlatching 
with a password will be explained. The password issue 
center 821 includes a password generation part 834 
with an operation expression of public key ciphers etc. 
Part 834 generates a password on the basis of three 
data fields, namely, the ID. the content number which 
the user wants to unlatch, and the time data represent- 
ing the period of use allowed. Ttie generated password 
is sent to the first computer 909. In the simplest struc- 



ture example, the second computer enciphers with the 
public key for the public key cipher the data which is a 
mix of the decoding key disk ID for releasing the cipher 
of the '1 - nth content and the timing data, prepares at 

5 the password generation part 834 the '1- nth password 
834a which is a mix of secret keys for unlatching the 
enciphered data, and sends this password 834a to the 
first computer 909. The first computer 909 receives the 
'1- nth password, and decodes with the secret key the 

10 mixed keys of the disk ID. the timing data and the '1 - n*th 
content Here, the password operation part 836 checks 
the ID 835a of the BCA reproduced from the disk, the 
present second timing data 835b, the allowed ID 833a 
and the first timing data 833. and operates to determine 

IS If they coincide. If they do coincide, they are allowed. 
The '1- nth decoding key 836a is output to the cipher 
decoder 837. The cipher 837a of the '1- nth content is 
decoded. The '1- nth content 838 then is output. The 
period of output is limited to the time during which the 

20 first timing data 833 and second timing data 835b coin- 
cide. The password operation part 836 of the first com- 
puter 909 computes three data fields, which are the ID, 
the password 835 and the timing data from the clock 
836b representing the present time. If the ID and timing 

25 data are correct, the correct decoding key is output as 
the result of the computation. Therefore, the cipher 
decoder 837 decodes or descrambles the '1 - nth cipher, 
outputting the plaintext data of the *1- nth content 838, 
or a descrambled picture signal or audio signal. 

30 [0030] In this case, if the second timing data 835b 
of the clock 836b does not coincide with the first timing 
data 838 of the password, the cipher is not correctly 
decoded and therefore not reproduced. If timing data is 
used, it can be applied to time-limit type rental systems. 

35 SO that a movie can k>e reproduced for only three days 
during a rental period. 

[0031] While Fig. 6 shows the procedure in a block 
diagram, the flowcharts of the procedure will be 
explained later with reference to Figs. 16-23. 

40 [0032] Next, the system for the cipher key will be 
described. By putting, as shown in Fig. 7a. t>oth the first 
cipher key 81 6 and second cipher key 81 7 in the BCA, it 
is possible to provide two securities, for a commodity 
deal with a shopping mall and an account settlement 

45 with an 'accounting center'. 

[0033] In this case, with respect to the security with 
an accounting center, it is planned to unify standards 
such as SET. so that an RSA 1024. that is 128 byte 
cipher key, will be stored in the second cipher key area 

so 81 7a. Then, because the BCA has only 1 88 bytes, only 
60 bytes remain for the cipher key for dealing with a 
shopping mall. An elliptic function system public key 
cipher is a cipher function which is 20 bytes in magni- 
tude and which has a security level equal to that of 128 

55 bytes of RSA 1024. 

[0034] An elliptic function is used in the first cipher 
key area 816a of the present invention. An elliptic func- 
tion can obtain 20 byte security, which is equivalent to 
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RSA 1024. Therefore, by using an elliptic function, it is 
possible to store both the first cipher key 816 and sec- 
ond cipher key 81 7 in the 1 88 byte BCA area. 
[0035] By applying a BCA to an optical ROM disk, 
as stated beiFore. it is possit^le to record a disk's own ID 
number, the first and second cipher keys, and a connec- 
tion address. In this case, if the Internet is used, a mall 
is accessed automatically, and merely by distributing 
disks with cipher keys recorded in the BCAs. security is 
possible for distritxjtion of commodities by releasing the 
dphers of contents, certification and keeping secret pur- 
chase of goods, certification and keeping secret when 
accounts are settled, and the like. Therefore, the 
method of cryptocommunication of the present inven- 
tion can, without lowering security, omit and rationalize 
the conventional operations of using IC cards, fbppy 
disks and/or letters to distribute IDs and/or cipher keys 
to users. This is a great advantage. Furthermore, a 
URL, which is an Internet connection address, is not 
fixed, but changeat)le. The URL is recorded in the origi- 
nal disk, and may be accessed. It is. however, not effi- 
cient from the points of view of time and cost to vary the 
original disk when a URL change is made. By having 
recorded the changed URL in the BCA, and connecting 
the BCA connection address 931 instead of the connec- 
tion address of the original disk only if the connection 
address 931 is reproduced from the BCA, It Is possible 
to access the changed address 931 without preparing a 
new original disk 

[0036] Rg. 6 shows a case where the first key of the 
public key and the first k^ of the public key have been 
recorded in the BCA. 

[0037] Rg. 8 shows two diagrams, in one of which 
the first cipher key 816 of the public key and the third 
decoding key 817a of the secret key have been 
recorded in the BCA. In the other diagram, a cipher key 
is produced for cryptocommunication. Because the pro- 
cedure is similar to that of Rg. 6. only different points 
will be described. Rrst, in a press factory, the first cipher 
key 81 6 and third decoding key 81 7a are recorded in the 
BCA. The third decoding key 81 7a is used to receive the 
cipher enciphered with the public key from an account- 
ing center. In this case, the reception security is 
improved. 

[0038] Rrst. with reference to Rg. 8, a more specific 
example of cryptocommunication where a cipher key is 
generated will be described. Because the first cipher 
key 81 6 is a public key. it is necessary to record the third 
decoding key 817a for reception in the BCA. But the 
BCA has a small capacity. In addition, the public key 
needs processing time. Therefore, in Fig. 8, the cipher 
key generation part 838a of the first computer 836 gen- 
erates a pair of a cipher key and a decoding key for the 
public key or a common key by means of a random 
number generator or the like. An example of the com- 
mon key will be described. A common key K 838 is enci- 
phered with the first cipher key 816 and first cipher 
encoder 842, and sent to the second computer 821a. 



The second computer uses the main decoding key 844 
to convert this cipher into plaintext by means of the main 
cipher decoder 843. obtaining a common key K 838a. 
Because both have the common key K. it is possible to 

5 make cryptocommunicatbn from a shop to a user, that 
is, from the second computer 821a to the first computer 
836 by delivering the common key K to the second 
cipher encoder 842a and second cipher decoder 847a. 
Naturally, it is also possible to make cryptocommunica- 

10 tion from the user to the shop, that is, from the first com- 
puter 836 to the second computer 821a by delivering 
the common key K to the second cipher encoder 827a 
and second cipher decoder 845a. The effects of the 
method of recording in the BCA the first cipher key 

IS which is a public key and generating a cipher key will be 
stated. Rrst, it is necessary only to record the first 
cipher key, so that the recording of the decoding key can 
be omitted. Therefore, the small capacity of the BCA is 
not reduced. Second, because the decoding key is 

20 recorded in the BCA. the security is improved. The com- 
mon key may be changed each time. 
[0039] Because of the short operation time, the 
processing-time is short. In this case, if the cipher key 
generation part 838a has generated a pair of a cipher 

25 key and a decoding key of a public key cipher, not a 
common key, it is possible to make the security higher 
than that with the common key. though the processing 
time is longer, by cryptically sencBng the cipher key to 
the second computer 821a, using this key as the cipher 

30 key of the second cipher encoder 842a, and using the 
decoding key as the decoding key of the second cipher 
decoder 847. If the performance of the processing CPU 
is high, it is preferable that the public key be used. If a 
new public key Is generated, only the public key for the 

ss first cipher key is recorded in the BCA, so that no prot>- 
lems of security arise. No capacity of the BCA is con- 
sumed either. In addition, because it is not necessary to 
change the cipher key, maintenance is easy. 
[0040] This time, if the common key K 838 is 

40 defined at the second computer 821a of the password 
issue center 821, the common key Is enciphered with 
the third cipher key 839 by the third cipher encoder 840, 
and sent to the personal computer 836. By using the 
third decoding key 837 which is the secret key repro- 

45 duced from the BCA, the third cipher decoder 841 of the 
personal computer 836 makes a translation into plain- 
text to obtain a common key K 838b. In this case, 
because only this user has the third decoding key 817a 
which is the secret key, It is possible to prevent the con- 

50 tents of communication from the center to the user from 
leaking to third parties. The format of this case is shown 
in Fig. 7b. If an elliptic function is used, the third decod- 
ing key 839b may be 20 bytes, and can therefore be 
stored in the BCA. 

55 [0041 ] Fig. 9 shows a system tor reducing the costs 
of preparing an original disk k>y using a BCA In an end- 
pherment disk. 

[0042] If there is a number 'n' of, for example, 1 .000 
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plaintext contents 850, the cipher encoder 852 enci- 
phers them with the first to the 'mth cipher keys 851 , 
respectively. The ciphered first to the 'm'th contents 853, 
the decoding progrann 854a for the first to *m*th con- 
tents, and the second cipher decoder 861a. which is the 5 
program for decoding the second cipher, are recorded 
as pits in an original disk and then molded into a sub- 
strate, and a reflecting film is formed.. Thereafter, two 
substrates are laminated together to complete an opti- 
cal disk 801 . The second cipher encoder 860 enciphers 10 
the decoding data 854 such as the password for 
unlatching the '1 - nth, for example, the first content, and 
the decoding key. Recorded in advance in the BCA of 
the first disk are the cfisks own identification data, that 
is. the ID 855 and the second cipher which is the end- 75 
phered decoding data. Then, in the reproducer, the sec- 
ond cipher is rqjroduced from the BCA reproduction 
part 820. The second cipher decoder 861 is reproduced 
from the data reproduction part 862, which reproduces 
the ordinary recorded data other than the BCA. There- 20 
fore, the second cipher decoder 861 is used to decode 
the second cipher, reproducing the ID 855a and '1- nth 
password 854a. The cipher decoder 855b uses the 
decoding program 854a for the *1- n'th content repro- 
duced from the data reproduction part 862, and uses 25 
the ID 855a and password 854a to decode the first 
cipher, obtaining the plaintext 855c of the *1- n*th con- 
tent and the identification data 855a. For a personal 
computer, the content and ID are recorded on the hard 
disk 863. This ID 855a checks to determine if there is no 30 
same ID on a network when the program has started, 
and the ID 855a actuates the network protection. It is 
therefore possible to prevent the software from being 
illegally installed. This is yet another advantage of the 
present invention. For example, if 1.000 enciphered 35 
contents are stored and decoding data such as a pass- 
word corresponding to a particular software application 
are recorded on an original disk, this is equivalent in 
substance to the preparation of an optical ROM disk for 
a particular content It is possible to obtain with one 40 
original disk the same effect as in the case where origi- 
nal disks for 1.000 kinds of software are cut. It is there- 
fore possit}le to reduce the costs and time or labor for 
preparing an original disk. 

[0043] Described with reference to Fig. 10 is the 4S 
procedure for enciphering contents with a BCA when 
recording them on a RAM disk. First, the BCA reproduc- 
tion part 820 reproduces the BCA data from the RAM 
disk 856, outputs an ID 857. and sends it through the 
interfaces 858a and 858b and the network to the enci- so 
pherment part 859. The cipher encoder 861 of the enci- 
pherment part 859 endphers contents 860 or 
scrambles picture and sound signals by means of a key 
including the ID 857. The enciphered contents are sent 
to the recorder/reproducer, where the recording drcuit ss 
862 records them on the RAM disk 856. 
[0044] Next, when this signal is reproduced, the 
data reproduction part 865 demodulates the main data 



028 A1 12 

to reproduce the enciphered signal, and the cipher 
decoder 863 decodes the reproduced signal. The BCA 
reproduction part 820 reproduces data containing the 
ID 857 from the BCA area of the RAM disk 856. The 
reproduced data is sent as part of the key to the cipher 
decoder 863. If normally copied, the cipher key 
recorded in the RAM disk is a normal disk ID. The RAM 
disk ID, also, is a normal disk ID. Therefore, the cipher is 
decoded or descrambled to output the plaintext 864 of 
the '1- nth content. For a graphic data, for example, the 
MPEG signal is extended to okrtain a picture signal. 
[0045] In this case, the disk ID is the key for end- 
pherment. Because each disk is unique, it can be cop- 
ied on only one RAM disk. 

[0046] If a disk ID is copied from a normal RAM disk 
to another RAM disk, ID1 which is the original normal 
disk ID differs from ID2 which is the disk ID of the other, 
unauthorized, RAM disk. If the BCA of the unauthorized 
RAM disk is reproduced, ID2 is reproduced. The con- 
tents are ciphered with ID1. however, so that, even If 
unlatching is attempted with ID2 at the cipher decoder 
863. the cipher is not decoded because the key differs. 
Thus, the signal of the illegally copied RAM disk is not 
output, so that the copyright is protected. The present 
invention uses a disk ID system. Therefore, by repro- 
ducing with any drive the normal RAM disk copied nor- 
mally only once, it is possible to unlatch the cipher. The 
encipherment part 859 may. in place of the center, be an 
IC card with a cipher encoder. 

[0047] With reference to the block diagram of Fig; 
1 1 and the ftowchart of Rg. 12. the method of prev«it- 
ing copying will be described. At Step 877a, the installa- 
tion program is actuated. At Step 877b, the BCA 
reproduction part 820 outputs the ID of the auxiliary 
data from the laminated optical disk 801. At Step 877d, 
the data reproduction part 865 reproduces the contents 
and network check software 870 from the main data. 
The contents and the ID 857 are recorded on the HDD 
872. At Step 877c, the ID 857 is encoded with a partic- 
ular secret dpher so as not to be aKered illegally, and is 
recorded as a soft ID in the HDD 857. Thus, the soft ID 
873 is recorded together with the contents on the HDD 
872 of a personal computer 876. Here described is the 
case where the program is started at Step 877f of Rg. 
12. When the program is starts, the procedure go^ to 
Step 877g. where the soft ID 873 of the HDD 872 is 
reproduced, and the soft ID 873a in the HDD 872a of 
another personal computer 876a on a network 876 is 
checked through the interface 875. At Step 877h. a 
check is made to judge if the soft ID 873a of the other 
personal computer and the soft ID 873 are the same 
number. If so. the procedure goes to Step 877i, where 
the start of the program of the personal computer 876 is 
stopped or a warning message is displayed on the 
screen. 

[0048] If the soft ID 873a of the other personal com- 
puter and the soft ID 873 are different, the contents are 
not installed in the plurality of the conrpulers on the net- 
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work. It is therefore decided that there are no illegal cop- 
ies. Then the procedure goes to Step 877K where the 
start of the program is permitted. In this case, the soft ID 
873 may be sent to other personal computers through 
the network. This personal computer can detect illegal 
installation by checking duplication of the soft IDs of the 
personal computers, tf there is illegal installation, a 
warning message is sent to the appropriate personal 
computer/s. 

[0049] Thus, by recording the ID in the BCA. and 
recording the network check program in the pit record- 
ing area, it is possible to prevent multiple installation of 
the software of the same ID on the same network. In this 
way. simple protection from illegal copies is realized. 
[0050] By. as shown in Fig. 13a. applying a write 
(writing) layer 850 of white material, on which charac- 
ters or the like can be written, it is possible to not only 
print characters and write a password or the like with a 
pen. but also prevent the substrates of the optical disk 
from being damaged because the write layer 850 thick- 
ens. The disk ID 815, which is part of the BCA data 849 
recorded by trimming in the BCA area 801a above the 
write layer 850, is translated into plaintext The plaintext 
is converted into alphanumeric characters 851 . By print- 
ing the characters 851 and general bar code 852. it is 
possible for the store and/or user to confirm and/or 
check the ID with a POS bar code reader and/or visu- 
ally, without reading the BCA with a reproducer. The vis- 
ible ID Is not necessary if the user informs the center of 
the ID through a personal computer. If, however, the 
user communicates the ID aurally by telephone to the 
center, it is possible to inform the center off the ID with- 
out inserting the disk in a personal computer, by printing 
the ID identical with the BCA ID in visible form on the 
disk, because the user can visually read the ID. With ref- 
erence to the flowchart of Fig. 13c. the steps for making 
an optical disk will be explained. At Step 853d. disks are 
molded from an original disk, and substrates in which 
pits have been recorded are made. At Step 853e, alumi- 
num reflection films are made. At Step 853f, two disk 
substrates are laminated with an adhesive so that a 
DVD disk or the like is completed. At Step 853g, a label 
is printed by screen printing on one side of each disk. At 
this step, the original disk's own identification data is 
recorded in the form of a bar code. At Step 853h, an ID 
and/or other identification information is printed in the 
format of a bar code for POS on each disk t)y an ink jet 
bar code printer or a thermal-transaiption bar code 
printer or the like. At Step 853i, the k>ar code is read by 
a bar code reader. At Step 853j. a BCA data corre- 
sponding to the identification data is recorded in the 
second recording area of the disk. According to this 
method of manufacturing, the BCA data is recorded 
after ail the steps including the POS bar code and 
excluding the BCA are finished and then the disk identi- 
fication data is confirmed. The BCA can be read only by 
reproducing the disk, but the POS bar code, which is 
low in density, can be read by a commerdal fc>ar code 



reader. The disk ID can be discriminated at every step in 
the factory. By recording the disk ID in the form of a POS 
bar code before the BCA trimming, it is possible to 
almost completely prevent the BCA and the POS bar 

5 code from being illegally recorded. 

[0051] The method of using a BCA will be stated by 
which secondary recording and tertiary recording, too, 
can be made by the BCA method. As shown at Process 
2 in Fig. 15, a software maker can also secondarily 

10 record a pirated edition prevention mark and a check 
cipher. At Process 2, disks 944b may be made in which 
different ID numbers and/or cipher keys for secret com- 
munication with users have been recorded, tt is possible 
to replay the disks 944c and 944d without entering the 

75 passwords. 

[0052] For another application, at Process 3. an 
enciphered or scrambled MPEG picture signal and/or 
other data is recorded on a disk 944e. The operation of 
the MPEG scran^e will not be explained in detail. At 

20 Process 4, the software company makes a disk 844f in 
which a sub-public key for decoding the ID number and 
the scramble release data have been BCA-recorded 
secondarily. It is not possible to replay this disk solely. At 
Process 5, the selling store, after receiving the money 

25 for the disk, makes a password with the sub-secret key 
paired with the sub-public key. and records it tertiarily on 
the disk. Alternatively, a receipt on which the password 
has been printed is given to the user. Thereafter, the 
password has been recorded in the disk 844g. so that 

30 the user can replay it. This method prevents a disk not 
paid for from being replayed normally, even if the disk is 
shoplifted, because the scramisle of the image is not 
released. As a result, shoplifting renders a useless 
product and thus decreases. 

35 [0053] If a password is BCA-recorded permanently 
in a rental video store or another store, a shoplifted disk 
can be used. In this case, as shown at Process 6, the 
BCA is read by a POS bar code reader in the store. A 
password for releasing the scramble is issued at St^ 

40 951 g. printed on the receipt at Step 951 i. and handed to 
the customer at Step 951 j. The customer enters, at Step 
951k. the password on the receipt in a player with 
numeric keys at his/her house. At Step 951 p. the disk is 
replayed for a predetermined number of days, tf a user 

45 rents a disk, given a password for only part of the soft- 
ware in the disk, and when he/she wants to view other 
part of the software, he/she can replay it by being 
informed of the password for this part by telephone at 
Step 951 u. and entering the password at Step 951k A 

so rental video store has been shown as an example. 
When a piece of enciphered software for a personal 
computer is sold at a personal computer software store, 
the password may be printed by a POS terminal and 
handed to the buyer. 

55 [0054] The operations of Processes 5 and 6 in Rg. 
15 at a selling or rental store will be explained in more . 
detail with reference to Rg. 14. A selling store receives 
an enciphered and/or scrambled disk 944f from the soft- 
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ware maker. After the store confirms its receipt of 
money from a user, it sends from its bar code recorder 
945 the ID number of the disk 944f and the data on the 
sub-public key via its POS terminal 946 to the password 
Issue center 952. For a small-scale system, the pass- 
word issue center, that is, the system including the sub- 
secret key of the sub-public key may exist in the POS 
terminal. The password issue center inputs the disk ID 
number and the time data at Step 951 q, computes them 
at Step 951 s, enciphers them with the sub-secret key at 
Step 951 1. issues a password at Step 951 g. and sends 
it through the network 948 and POS terminal 846 to the 
BCA bar code recorder 945. Then the recorded disk 
944g is handed to the customer. The disk 944g can be 
replayed as it Is. 

[0055] For rental stores and personal computer 
software stores. FiOM disks 944f the ciphers and/or 
scrambles of which have not been released are dis- 
played in stores. If a customer designates a particular 
ROM disk 944f. the bar code of the reflection layer by 
the non-reflection part 915 of the disk 944f Is read, so 
that the disk ID number is read, by a person holding a 
circular bar code reader 950 with an integrated rotary 
optical head 953 for spirally scanning, and pressing it on 
the center of disk 900 in a transparent case. By printing 
the commodity bar code of the disk ID as shown at 852 
in Fig. 13, it is possible to read the code with an ordinary 
POS terminal bar code reader. Alternatively, the 
pressed circular bar code recorded in advance on the 
original disk may be read. These data including the disk 
ID are processed by the POS terminal. 946. The charge 
is settled by credit card. The password issue center 
issues, at Step 951 g. a password associated with the ID 
number as stated above. For rental use. a password is 
made by enciphering the disk ID number with date data 
added as used at Step 951 r in order to limit the number 
of days for which the disk can be replayed. For this 
password, the disk can operate on only particular days. 
It is therefore possible to set a rental period, which may 
be three days, for instance, in the password. 
[0056] The thus issued password for descrambling 
is printed at Step 951 i together with the date of rent the 
date of return and the rental title charge on the receipt 
949, and handed with the disk to the customer. The cus- 
tomer takes the disk 944j and receipt 949 home. At step 
951k, the customer enters the password with the ten- 
key input part 954 of the first computer 909 in Fig. 6. so 
that the password 835 is computed with the ID number 
835a and input into the cipher decoder 837. Then, the 
password is converted into plaintext by means of the 
decoding key. Only if the password Is connect, will the 
cipher decoder 837 descramt>le the program data and 
supply image output. 

[00571 In this case, if the password includes time 
data, the data is checked with the date data of the clock 
part 836b. The password Is descrambled fbr the coinci- 
dent dates. The inputted password is stored together 
with the associated ID number in the nonvolatile mem- 



ory 755a of the memory 755. Once the user enters the 
password, it Is descrannbied without being entered 
again. It is thus possible to lock and unlock the disk 
electronically in distributbn. 

5 [0058] With reference to Rg. 16, the method of 
decoding the software of a disk which has been 
recorded as cipher data will be explained in detail. 
[0059] Step (Process) 865 represents the overall 
flow of distribution of cipher data and individual IDs to 

10 users. First, at Step 865a. a number 'm' of data enci- 
phered with the secret first cipher key and a program for 
decoding the enciphered data are recorded in the ROM 
area of an original disk. At Step 865b, sut>strates are 
molded from the original disk, and then the substrates 

15 with reflection films added thereto are laminated in pairs 
to make completed ROM disks. At Step 865c, the 
decoding data (the disk Identification data different for 
the pressed disks, respectively, and/or the decoding key 
for the cipher data) necessary to decode the enciphered 

20 data is recorded in the auxiliary recording area (called 
BCA). which cannot be rewritt^. of each connpleted 
disk by a method of modulation different from that for 
the ROM area. At Step 865d. a user replays the distrib- 
uted disk, selects a desired enciphered data 'n\ and 

25 starts the decoding process. At Step 865e, the user's 
first computer reproduces the enciphered data and the 
decoding program from the ROM area, and reads the 
decoding data from the auxiliary recording area (BCA). 
If, at Step 865f. the second decoding data is not 

30 Obtained on-line, then, at Step 871a of Fig. 17. the ID 
and/or other auxiliary decoding data are displayed on 
the screen. At Step 871b, the user obtains the second 
decoding data such as the password associated with 
the ID. and enters it into the first computer. Carried out 

35 at Step 871c is a particular operation of an open-key 
cipher function with the disk identification data, the sec- 
orxj decoding data, and the enciphered data 'n' If, at 
Step 871d, the result is correct, then, at Step 871f. the 
•1- n'th data is translated into plaintext, so that the user 

40 can make the software of the data 'n* operate. 

[0060] Next, with reference to the f towchart of Fig. 
18. the method of cryptocommunication essential to the 
Internet and/or the like using a BCA will be described. 
Step (Process) 868 is the routine of the method of dis- 

45 tributing the communication program and cipher key for 
communication to users. First, at Step 868a. at least the 
communication program and/or connection data are 
recorded in the ROM area of an original disk. At Step 
868b. substrates are molded from the original disk, and 

so the substrates are laminated in pairs to make completed 
ROM disks. At Step 868c. the disk identification data dif- 
ferent fbr the pressed disks, respectively, and the cipher 
key for cryptocommunication are recorded In the non- 
rewritable auxiliary recording area (BCA) of each com- 

55 pleted disk. According to circumstances, the connection 
address of the second computer and/or the decoding 
key for cryptocommunication Is recorded by a method of 
modulation different from that fbr the ROM area. At Step 
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868d, the user's first computer reproduces the commu- 
nication program and the decoding program from the 
ROM area, and reads the disk identification data and 
the cipher key for communication from the auxiliary 
recording area. The process continues at Fig. 19. At 5 
Step 867a, it is judged if there is a connection address 
in the BCA area. If yes. the second computer is 
accessed, at Step 867b, on the basis of the connection 
address such as the BCA area URL. If there is no con- 
nection address, the computer of the connection 10 
address in the ROM area is accessed at Step 867c. At 
Step 867d. the transmit data is input. At Step 867e. it is 
judged if there is a cipher key for cryptocommunication 
in the BCA area. If so. the transmit data Is enciphered, 
at step 867g, with the cipher key for cryptocommunica- 15 
tion in the BCA area to make a third cipher If not. the 
data is enciphered, at step 867f. with the cipher key for 
cryptocommunication in the ROM area or HDD to make 
a third cipher. 

[0061] In Fig. 20. Step (Process) 869 represents 20 
the routine of generating a decoding key for the cipher 
received from the second computer 910. First, at Step 
869a. the first computer judges if a decoding key for 
communication is necessary. If necessary, the process 
goes to Step 869b, where a check is made to judge if 25 
there is a decoding key for communication in the BCA. If 
there is no decoding key, the process goes to Step 
869c, where a pair of second cipher key for communica- 
tion and second decoding key for communication is 
generated newly with the program for generating the 30 
cipher key/decoding key reproduced from the ROM 
area, by the user keying or with data from a random 
number generator and the second encoder reproduced 
from the ROM area. At Step 869d, a fourth cipher Is 
made which is the second cipher key for communication 3S 
arxi/or the user data enciphered with the cipher key for 
communication recorded in the BCA and the encipher- 
ment software reproduced from the ROM area. At Step 
869e, the fourth dpher and the disk identification data 
and/or the user address are sent to the second compu- 40 
ter of the connection address reproduced from the disk 
The process of the second computer includes Step 
869f. where the fourth cipher, the disk Identification data 
and the user address are received. At Step 869g. the 
decoding key for communication paired with the disk 4S 
Identification data is selected from the decoding key 
data base, and the fourth cipher is decoded with the 
selected key to obtain the plaintext of the second cipher 
key for communication. At Step 869h, the fifth cipher 
which is the server data Including part of the user data so 
and enciphered with the second cipher key for commu- 
nication is sent through the Internet 908 to the first com- 
puter. At Step 869i, the fifth cipher (and disk 
identification data) is (are) received, and decoded with 
the second decoding key for communication and the ss 
decoding function recorded in the ROM area to obtain 
the plaintext of the server data. In this way. the method 
of Step 869 in Fig. 20 realizes two-way cryptocommuni- 



cation between the first and second computers. 
[0062] In Fig. 21. Step (Process) 870 represents 
the routine of receiving accounting data. If, at Step 
870a, the accounting data is Input, the third cipher key 
of the public key cipher for accounting communication Is 
requested from the second computer. At Step 870b. the 
second computer requests the third cipher key from the 
third conputer. The third computer 91 1 sends the ID 
and third cipher key to the second computer, though the 
exchange step Is omitted. At Step 870c, the second 
computer receives the ID and third cipher key At Step 
870e, the seventh cipher which is the third cipher key 
enciphered with the second cipher key for communica- 
tion and/or the like Is sent to the first computer. The first 
computer receives the seventh cipher at Step 870f. At 
Step 870g. the received seventh cipher is decoded with 
the second decoding key for communication so as to 
obtain the third cipher key (public key of public key func- 
tion). At Step 870h, the third cipher key is recorded on 
the HDD according to circumstances. This is used for 
the next transmission. At Step 8701. it is judged if a 
credit card number, a password for settlement arxi/or 
other secret accounting data are Input At Step 870j, the 
eighth dpher which is the accounting data enciphered 
with the third cipher key is sent via the second computer 
to the third computer. At Step 870K the second compu- 
ter receives the eighth cipher and transfers it again to 
the third computer. Only the third computer 912. which 
is. for example, at a banking institution, has the decod- 
ing key for the third cipher, so that the second computer, 
which Is an electronic store, cannot decode it. At Step 
870m, the third computer determines from the cipher 
key data i>ase the third decoding key associated with 
the third cipher key by using Identification data on the 
disk and/or the like, and decodes the eighth cipher with 
the tiiird decoding key. which is the secret key of the 
public key cipher, so as to obtain the plaintext of the 
accounting data. At Step 870n, a check is made to 
judge from the iter's credit data, deposit remains 
and/or other banking data whether the money can be 
received. At Step 870p. the third computer informs the 
second computer of the result of the search. The sec- 
ond computer, which is an electronic store, judges at 
Step 870q if the money can be received. If not, the proc- 
ess goes to Step 870r. where the article and/or the key 
for decoding the cipher software is not sent If the 
money can be received, for a key provision system as 
shown in Fig. 16. the process goes to Step 870s, where 
the cipher software decoding key. that Is. tiie article Is 
sent via Internet 908 to the user's second computer. At 
Step 870t, the first computer receives the cipher soft- 
ware decoding key At Step 870u. the cipher of the '1- 
nth enciphered software Is released. At Step 870w. the 
plaintext of the software is ot>tained. In tills way, a con- 
tent key provision system is realized. 
[0063] The method of Step 870 in Rg. 21 requests 
the third computer, that is, a banking institution to issue 
according to the need a public key for the }hird cipher 
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key. which needs high security for accounting data, tt is 
not necessary to record the public key in the 6CA in 
advance. K is therefore possible to use for the third 
cipher key a stronger RSA system cipher key of 256 
bytes of RSA2048 without consuming the BC A capacity. 
Further, because there is no need for recording in the 
BCAs of all disks in advance, the total of the issued third 
cipher keys decreases, and the computer CPU time 
taken to compute the third cipher keys decreases. In 
addition, because the third ciphers do not exist in the 
BCAs. they are not opened, so that the security is 
improved. In this case, the role of the BCA is, as shown 
in Rgs. 19 and 20, to record the identification data of a 
secret communication disk by means of the cipher key 
of the RSA1024 grade. Only one BCA disk realizes 
cryptocommunication with the second computer, so that 
the effect is high. 

[0064] With reference to Fig. 22, Step (Process) 
872 of cryptocommunication in a case where the cipher 
key and the decoding key both for communication have 
been recorded in the BCA will be described. At Step 
872g, the first computer 909 sends to the second com- 
puter 910 the ninth cipher which is the user data enci- 
phered with the cipher key for communication 
reproduced from the BCA, the basic identification data 
recorded In the ROM area when the original disk was 
made, and the disk identification data recorded in the 
BCA area At Step 872b. the second computer receives 
the ninth cipher, the disk identification data and the 
basic identification data. At Step 872c. the decoding key 
for communication paired with the disk identification 
data from the decoding key data base is retrieved, and 
the ninth cipher is decoded to obtain the plaintext of the 
user data. At Step 872e. the second cipher key associ- 
ated with the disk identification data is selected from the 
cipher key data base. In addition, the second computer 
sends to the first computer the tenth cipher which is the 
server data enciphered with this second cipher and the 
third cipher key received from the third computer by the 
procedure described in Rg. 21 and enciphered with the 
second cipher. The first computer receives the tenth 
cipher at Step 872f. At Step 872g. the received seventh 
cipher is decoded with the second decoding key for 
communication recorded in the BCA, to obtain the plain- 
text of the server data and the third cipher key (public 
key of the public key function). At Step 872h. according 
to the need, tiie third cipher key is recorded on the HDD. 
At Step 872i. it is judged if the accounting data is input. 
If so. the process goes to Step 872j. where tfie eleventh 
cipher which is the accounting data enciphered with the 
third dpher key is sent via the second computer to the 
tiiird computer. At Step 872m. the second computer 
sends the eleventh cipher again to the third computer. 
At Step 872m, the third computer determines from the 
third cipher key data base, the third cipher key paired 
with the identification data on the disk and/or the like, 
and decodes the eleventh cipher to obtain the plaintext 
of the accounting data. At Step 872n. the possibility that 



the money can be received from the user is checked. At 
Step 872p. the result of the search is sent to the second 
computer. At Step 872q. the second computer checks to 
judge if the money can be received from the user. If so. 

5 for a key provision system as shown in Fig. 16, the proc-. 
ess goes to Step 872s, where the cipher software 
decoding key. that is. an article is sent via the Internet to 
the user*s second computer. At Step 872t. the first com- 
puter receives the cipher software decoding key At Step 

JO 872u. the cipher of the '1- n'th enciphered software is 
released. At Step 872w, the plaintext of the software is 
obtained. In this way. a content key provision system is 
realized. 

[0065] The merit of tiie effect of the method of Step 
IS 872 in Fig. 22 is that because both the cipher key and 
the decoding key are recorded in the BCA area, it is not 
necessary to ti-ansmit the decoding key and/or tiie 
cipher key necessary for reception from the second 
computer. The maximum BCA capacity is 188 bytes. A 
20 public key and/or anotiier cipher function needs only 
128 bytes, and can therefore be recorded. Further, it is 
possible to bidirectionally encipher the grade in 
RSA512. Because seven or eight elliptic functions can, 
as shown in Fig. 7, be stored, elliptic functions are more 
25 effective. 

[0066] With reference to Fig. 23. tiie operation and 
effect in a case where the first and third cipher keys 
have been recorded in the BCA in advance will be 
explained. Because Steps 872a tiirough 872w in Fig. 22 

30 are nearly identical witti Steps 873a through 873w in 
Fig. 23. only the different steps will be explained. 
[0067] The third cipher key for protecting the secu- 
rity for accounting data and/or other tanking data has 
been recorded in the BCA. Therefore, at Step 873e. the 

35 second and third computers do not need to generate 
and send the tiiird cipher key. At Steps 873e. 873f and 
873g. the twelfth cipher is sent and received. At Step 
873j. tiie tiiird cipher key is read from the BCA area, and 
the user's accounting data is sent via the second com- 

40 puter to tiie third computer. The method of Fig. 23 does 
not need the third cipher key generated, sent and 
received at all. so tiiat the procedure is simple. 
[0068] In the case of electronic settlement systems, 
in general, there are a plurality of accounting centers 

45 representative of credit companies. Therefore, naturally, 
there is a need for a plurality of third cipher keys, which 
are public keys. As explained with reference to Fig. 7b, 
there is a need for an RSA1024 grade or more, tiiat is, 
128 bytes or more if an RSA cipher function is used. 

so The third cipher key 817b can tiierefore enter only one 
place of 188 bytes of tiie BCA. However, elliptic-function 
cipher keys (elliptic ciphers) which have appeared in 
recent years give, with small capacity, security equiva- 
lent to that of RSA In recent years, RSA function 

55 RSA1 024 has been the lowest standard of banking data 
security. While an RSA function needs 128 tDytes, it is 
said that an elliptic cipher needs only about 20 tiirough 
22 bytes for equivalent security. Therefore, as shown in 
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Fig. 7c. it is possible to store in the BCA seven, eight or 
fewer third ciphers which deal with banking data. The 
use of elliptic functions realizes a BCA-application elec- 
tronic settlement system which can deal with a plurality 
off essential banking centers. Explanation has been 5 
made, concentrated on the third cipher, but even if an 
elliptic cipher is used for the public key for the first cipher 
key. its effect is similar because high security is kept in 
relation to a plurality of electronic stores. 
[0069] With reference to Rg. 24, the RAM disk 10 
recorder/reproducer with a BCA explained with refer- 
ence to Rg. 10 will be described in more detail. As an 
entbodiment. the procedure for recording In a RAM disk 
in a so-called payi3er-view system will be described. 
First, with its program transmitter 883, a CATV company is 
or another software company enciphers movie software 
or other contents 880 by using the first cipher key 882 in 
the first encoder to generate a first cipher 900, and 
sends this cipher to a decoder 886 such as each user's 
CATV decoder. If the decoder 886 sends a request for a 20 
particular program through a network to a key issue 
center 884. the center sends the first decoding data 
885a to the first decoding* part 887 of the first decoder 
886. The first decoding data 885a is a particular piece of 
software such as the scramble release key for the par- 25 
ticular decoder system ID numt>er and particular timing 
data 903. and includes a recording permission card 901 
for a RAM disk. The first decoding part 887 decodes the 
first cipher 900 with the system ID 888 and first decod- 
ing data 885a. In the case of a picture signal, the sigr^l 30 
desaambled once and scrambled further with another 
dpher to protect the signal from being copied is output 
from the third cipher output part 889. The picture can be 
viewed and listened to on a general TV 899. though the 
original signal is guarded from being copied. If the 3S 
recording permission code 901a is NO. It is not possible 
to recoid in a RAM disk 894. If OK. however, it is possi- 
ble to record in only one RAM disk 894. This method will 
be explained. 

[0070] In the decoder 886. an IC card 902 Is 40 
inserted, and the BCA reproduction part 895 reads the 
BCA of the RAM disk 894 in a RAM recorder. Thai the 
disk ID 905 is sent to the IC card 902. The IC card 902 
checks the recording permission code 901a and the 
present time data 904 obtained from the disk IC 905 and 45 
the decoder 886, and makes a two-way hand-shake 
type copy check 907 with the third cipher output part 
889. If the recording permission code and copy checks 
are OK, the second auxiliary encoder 891 in the IC card 
902 issues a second cipher key 906. The second so 
encoder 890 enciphers the third cipher again to gener- 
ate a second cipher, which is the contents 880 enci- 
phered with the disk ID of a particular disk. The second 
cipher is sent to the RAM recorder 892, where it is 8-15 
or 8-16 modulated by the first modulation part in the ss 
recording means 893. The second cipher 912 is 
recorded in the first recording area 894a of the RAM 
disk 894 by means of a laser. In this way, the data of the 



RAM disk 894 is enciphered with the particular disk ID 
number. 

[0071] When the reproduction signals in this disk 
are 8-16 demodulated by the first modulation 896a 
using a normal reproduction means 896, the second 
cipher of the contents is output. The second decoder 
897 has second decoding keys 898a. 898b and 898c, 
which correspond to the cipher keys of the IC cards dif- 
ferent for CATV stations or other program supply com- 
panies, respectively. In this case, the decoding key 
identification data of the decoder 868 or IC card 886 has 
been recorded in the first recording area 894a. The 
reproducer reads the decoding key identification data 
913 from the first recording area 894a. The decoding 
key selection means 914 automatically selects out of 
the decoding keys 898a through 898z the secortd 
decoding key 898a corresponding to each cipher key. 
With the disk ID 905a as a key, the second decoder 897 
decodes the second cipher. An IC card having a partic- 
ular decoding key might be used. In the case of an 
image, it is possible to obtain a normal Image descram- 
bledataTV899a. 

[0072] In the system of Fig. 24. a disk ID 905 is sent 
to the IC card inserted into the decoder in each user's 
home to encipher picture image data and/or the like. It Is 
therefore not necessary for the software company 883 
to individually change the cipher of the contents for dis- 
tribution to users. Consequently, when t)roadcasting 
scrambled pay-per-view images to a great number of 
viewers as is the case with satellite broadcasting and 
CATV, it is possible to permit recording in only one RAM 
disk per user. 

[0073] If, at the same time when recording is made 
in a disk in the system of Fig. 24, an attempt is made to 
illegally copy, that is. record in a second disk, that is, a 
RAM disk of another disk ID. it is not possible to alter the 
disk ID because two-layer disks are used for BCAs. 
Therefore, unauthorized copying in the second disk at 
the same time is prevented. It can be considered that 
during another time period, a simulated or dummy 
recording permission code 901a and/or a third cipher is 
serrt to the decoder and/or IC card and data is recorded 
in a RAM disk of another disk ID. Even against such 
unauthorized practice, the decoder time data control 
part 902 in the IC card compares the time of the timing 
data 903 of the key issue center 884 and/or the time of 
the time data of the contents and the present time of the 
time data part 904a in the decoder to judge if they coin- 
cide. If so (OK), the IC card 902 permits the encipher- 
ment of the second cipher computing unit 990. 
[0074] In this case, a hand-shake type time check 
method might be used which makes the second 
encoder 890 and first decoder 887 exchange check 
data bidirectionally 

[0075] In the case of the hand-shake type, the sec- 
ond cipher computing unit 890 including the IC card, the 
first decoding part 887, and the third cipher part 889 
confirm the cipher data bidirectionally. This prevents the 
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unauthorized copying during the other time periods out- 
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Claims 

1. A recording medium including a first recording area, 
where main data are recorded in the form of pits, by 

a first method of modulation, and a second record- s 
ing area which is a predetermined area in the first 
recording area, where a plurality of radially long 
parts of a reflection film are removed partially, so 
that auxiliary data are recorded by a second 
method of modulation, which differs from the first io 
method, the recording medium being characterised 
by: 

the auxiliary data including a first identification 
data recorded therein for identifying irxiividial 75 
recording mediums; and 
the main data indudihg an impermissible part 
recorded therein which can be used with the 
first identification data and/or a specified pass- 
word. 20 

2. The recording medium described in Claim 1, and 
further characterised in. that it is a read only type 
recording medium. 

25 

3. The recording medium described in Claim 1 or 2. 
and further characterised by a specified password 
being obtained through a specified operation with 
the first identification data. 

30 

4. The recording medium described in Claim 1 or 2. 
wherein, in addition to the first identification data for 
identifying individual recording mediums, a cipher 
key for a cipher and/or a decoding key for a cipher 

is recorded in the auxiliary data. 3S 

5. The recording medium described in Claim 1 or 2. 
and further characterised by the first method of 
modulation being a method of 8-16 modulation, and 
the second method of modulation being a method 40 
of phase encoding modulation. 

6. A method of permitting the use of a program, the 
method being characterised in that it comprises the 
steps of: 45 

reproducing an recording medium including a 
first recording area, where main data are 
recorded in the form of pits, by a first method of 
modulation, and a second recording area so 
which is a predetermined area in the first 
recording area, where a plurality of radially long 
parts of a reflection film are removed partially, 
so that auxiliary data are recorded by a second 
method of modulation, which differs from the 
first method, the auxiliary data Including a first 
identification data recorded therein for identify-* 
tng individual recording mediums and a cipher 



key for a cipher and/or a decoding key for a 
cipher, the main data including an impermissi- 
ble part recorded therein which can be used 
with the first identification data and/or a speci- 
fied password; 

reproducing the first identification data from the 
auxiliary data; and 

enabling the impermissible part to be used and. 
outputting it with the first identification data 
and/or the specified passiword. 

7. The method of permitting the use of a program 
described in Claim 6, and further characterised by 
the specified password being obtained through a 
specified operation with the first identification data. 

8. A method of cryptocommunication characterised in 
that H comprises the steps of : 

reproducing in a first computer an recording 
medium including a first recording area, where 
main data are recorded in the form of pits, by a 
first method of modulation, and a second 
recording area which is a predetermined area 
in the first recording area, where a plurality of 
radially long parts of a reflection film are 
removed partially, so that auxiliary data are 
recorded by a second method of modulation, 
which differs from the first method, the auxiliary 
data including a first identification data 
recorded therein for identifying individual 
recording mediums and a first cipher key for a 
cipher and/or a decoding key for a cipher, 
reading the first ideritif ication data and the first 
cipher key from the auxiliary data; 
obtaining a first cipher which is a first data enci- 
phered with the first cipher key and cipher algo- 
rithm; and 

sending the first cipher from a communication 
. means of the first computer through a network 
to a second computer. 

9. The method of cryptocommunication described in 
Claim 8. and furtiier characterised by the cipher 
algorithm being read from the main data. 

10. A method of cryptocommunication characterised in 
that it comprises the steps of: 

reproducing main data from a first recording 
area of a recording medium in a first conrputer; 
reprodudng auxiliary data from a second 
recording area, the auxiliary data including a 
first identification data for identifying individual 
recording mediums and a first cipher key for a 
cipher and/or a decoding key for a cipher; 
enciphering a first data in the first computer 
with the first cipher key in the auxiliary data by 
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cipher algorithm to make a first cipher; 
connecting to the second computer of a partic- 
ular connection address through a network to 
send the first cipher and the first identification 
data in the auxiliary data; 
receiving the first identification data and the 
first cipher in the second computer; 
selecting the first decoding key which is the 
decoding key for the cipher con^esponding to 
the first identification data received from a first io 
decoding key database, where a relationship 
between the first decoding key and the first 
identification data is stored; and 
decoding the first cipher on the basis of the first 
decoding key to obtain the first data. is 

11. The method of cryptocommunication desaibed in 
Claim 10, and characterised in that it comprises the 
further steps of: 

20 

generating with a first means for generating 
ciphers in the first computer a second cipher 
key and a second decoding key paired with 
each other; 

obtaining a third cipher which is the second 25 
cipher key enciphered with the first cipher key 
in the first computer; and 
sending the third cipher to the second compu- 
ter. 

30 

12. The method of cryptocommunication described in 
Claim 1 1 , and characterised in that it comprises the 
further steps of: 

decoding the received third cipher with the first 3$ 
decoding key to obtain the plain-text of the sec- 
ond cipher key in the second computer; 
obtaining a fourth cipher which is the second 
data enciphered with the second cipher key; 
and 40 
sending the fourth cipher to the first computer. 

13. The method of cryptocommunication described in 
Claim 8. and further characterised in that at the 
step of reproducing two or more cipher keys and/or 4S 
decoding keys for public key cipher from auxiliary 
data which include public key cipher, at least one of 
the cipher keys and the decoding keys is an elliptic 
function cipher. 

so 

14. The method of cryptocommunication described in 
Claim 8. and characterised in that it comprises the 
further step of using an recording medium with aux- 
iliary data including a connection address data of 
the second computer, and reproducing the connec- ss 
tion address from the auxiliary data. 

15. An recording medium recorder for modulating a 



main data by a first method of modulation and 
recording the data by radiating a laser beam 
through an optical lens on to the recording layer of 
a first recording area of an recording medium, the 
recorder being characterised by: 

reproducing, before recording, the auxiliary 
data in a second recording area, where a first 
identification data and a first cipher key for a 
cipher and/or a decoding key for a cipher are 
recorded by a second method of modulation; 
making ai main cipher which is the main data 
enciphered with the first identification data 
and/or the first cipher key and particular cipher 
algorithm; and 

recording the main cipher in the recording layer 
of the first recording area by the first method of 
modulatkxi. 

16. The recording medium recorder described in Claim 

15, and further characterised by: 

receiving in a reception part the second cipher 
which is the first data enciphered with second 
cipher algorithm arxJ a recording permission 
data permitting recording the first data in an 
recording medium; 

obtaining a second decoded data through 
decoding the second cipher with a second 
decoding means; 

making a main cipher through enciphering the 
second decoded data with first cipher algorithm 
different from the second cipher algorithm and 
an auxiliary data in a cipher coniputing means; 
and 

recording the main cipher in the first recording 
area of the recording medium only if the record- 
ing permission data is present. 

17. The recording medium recorder described in Claim 

16. and characterised by: 

mounting an iC card having a computing unit 
therein; 

inputting into the IC card the first identification 
data for identifying the disk of the auxiliary 
data; 

computing the first identification data with the 
computing unit; 

inputting the result of the computation into the 

cipher computing means from the IC card; 

obtaining a main cipher which is an enciphered 

second decoded signal; and 

recording the main cipher in the recording 

medium. 

18. A recording medium reproducer characterised by 
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reading with an optical head and a first means 

of demodulation an recording medium includ- 
ing a first recording area, where a main cipher 
is recorded by a first method of modulation, the 
main cipher being a first data enciphered with a . s 
first identification data by a cipher means; 
reproducing with the optical head and a second 
means of demodulation an auxiliary data 
recorded In a second recording area of the 
recording medium by a second method of io 
demodulation; and 

obtaining the first data by decoding the main 
cipher by means of the decoding means with 
the first identification data In the auxiliary data 
or a first auxiliary identification data which is is 
obtained from the first identification data 
through a predetermined computation. 

19. The riscording medium reproducer described in 
Claim 18. and further characterised by the method 20 
of OKXiulation-demodulation of the first means of 
demodulation being a method of 8-16 modulation- 
demodulation, and the method of demodulation of 
the second means of demodulation being a method 

of phase encoding demodulation. 2S 

20. The recording medium reproducer described in 
Claim 18, and further characterised by the decod- 
ing means including a numt>er "n** of decoding keys, 
and selecting one of the decoding keys on the basis 30 
of a decoding key identification data reproduced 
from the main data in the recording medium. 

21. The method of permitting the use of a program 
described in Claim 6, and characterised in that it 3S 
cornprises the further steps of : . 

connecting a first computer through a network 
to the second conrputer with a particular 
address; 40 
sending to the second computer the first identi- 
fication data for identifying the disk in the auxil- 
iary data; 

computing in the second computer the first 
identification data through a particular cipher 45 
operation, and sending the resultant (obtained) 
password to the first computer: 
computing the password and the first identifica- 
tion data in the decoding operation part of the 
first computer, and so 
sending the resultant second decoding code to 
a cipher decoder; and 

enabling an impermissible part of the main 
data in the recording medium to be used with 
the second decoding code by means of the ss' 
cipher decoder. 

22. A method of inspecting the illegal installation of a 
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program, the method being characterised in that it 
comprises the steps of: 

reproducing with a first computer an recording 
medium inclining a first recording area, where 
main data are recorded in the form of pits, by a 
first method of modulation, and a second 
recording area which is a predetermined area 
in the first recording area, where a reflection 
film is removed partially, so that auxiliary data 
are overwritten by a second method of modula- 
tion, which differs from the first method, the 
auxiliary data including a first Identification data 
recorded therein for identifying individual 
recording mediums, the main data including a 
first program, an installation program for install- 
ing the first program in the hard disk in the first 
computer, and a communication program 
recorded therein; 

reproducing the first identification data from the 
auxiliary data; 

installing the first program in the hard disk; 
recording in the hard disk the first Ideritif tcation 
data or the first auxiliary identiftoation data 
which is obtained from the first identification 
data through a predetermined computation; 
and 

sending, when the Installed first program starts 
or performs a particular operation, the first 
identification data or the first auxiliary identifi- 
cation data by means of the communication 
program to a second computer connected 
through a network to the first computer; or 
checking tiirough thiB network the second iden- 
tification data which corresponds to the first 
iderttif ication data in the hard disk of the sec- 
ond computer or the second auxiliary identifi- 
cation data which is the second identification 
data computed through a particular opeiation: 
and 

limiting the particular operation of the first pro- 
gram or adding a particular operation when tiie 
first and second kientifk:ation data coincide or 
the first and second auxiliary identifkation data 
coincide. 

An recording medium including a first recording 
area, where main data are recorded in the form of 
pits, by a first method of modulation, and a second 
recording area which is a predetermined area in the 
first recording area, where a reflection fim Is 
removed partially in the form of radially long bars 
from which the data cannot be read with the naked 
eye. so tiiat auxiliary data are overwritten by a sec- 
ond method of modulation, which differs from tiie 
first method, at a lower recording density than the 
main data, the recording medium being character- 
ised in that 
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\ 

a first identification data for identifying individ- 
ual recording mediums is recorded in the auxil- 
iary data; 

a first data is recorded in the main data in the 
first recording area of the recording medium, s 
and in that 

a data associated with the first identification 
data is printed as a merchandise bar code 
which can be read by a merchandise bar code 
reader. 10 

24. The recording medium described in Claim 23, and 
further characterised by the merchandise t)ar code 
being printed on the side other than the reproduc- 
tion side of the recording medium. is 

25. A method of permission to use the program of a first 
data in a recording medium, the method being char- 
acterised in that it comprises the steps of: 

20 

reading a first identification data or a first auxil- 
iary identification data with a merchandise bar 
code reader in a first computer from an record- 
ing medium including a first recording area, 
where main data are recorded in the form of 2S 
pits, by a first method of modulation, and a sec- 
ond recording area which is a predetermined 
area in the first recording area, where a reflec- 
tion film is partially removed, so that auxiliary 
data are overwritten by a second method of 30 
modulation, which differs from the first method, 
the auxiliary data including the first identifica- 
tion data recorded therein for identifying indi- 
vidual recording mediums, the main data in the 
first recording area of the recording medium 3S 
including an impermissible part the use of 
which is not permitted, the recording medium 
having a bar code printed thereon from which 
the merchandise bar code reader can read the 
first identification data or the first auxiliary iden- 40 
tification data associated with the first identifi- 
cation data: 

sending the first identification data or the first 
auxiliary identification data through a network 
to a second computer; 45 
computing with the secorKJ computer through a 
cipher operation on the basis of the first identi- 
fication data to make a permission data which 
permits the use of an irnpermissible part; 
sending the permission data to the first compu- so 
ter; and 

printing the permission data on paper with a 
printing means by the first conrputer. 

26. An recording medium including a first recording ss 
area, where main data are recorded In the form of 
pits, by a first method of modulation, and a second 
recording area which is tiie first predetermined area 
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in the first recording area, where a plurality of radi- 
ally long parts of a reflection film are removed par- 
tially, so that auxiliary data are overwritten over the 
pits in a low frequency band for frequency separa- 
tion from the main data, the recording medium 
being characterised by: 

the auxiliary data including a first identification 
data recorded therein for identifying individual 
recording mediums: and 
tiie main data including an impermissible part 
recorded therein which can be used with the 
first identification data and/or a specified pass- 
word. 

27. The recording medium described in Claim 26, arKi 
further characterised by being a read only type 
recording medium. 

28. The recording medium described in Claim 26 or 27, 
and further characterised by the specified pass- 
word being obtained through a specified operation 
wttii tiie first identification data. 
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